SSL exceptions occur on start up or no connections

Troubleshooting for SSL connections for client-to-node encryption and node-to-node encryption when exceptions occur on start up or no connections to the DSE database can be established.

• To enable debugging, add the following option to cassandra-env.sh:

  -Djavax.net.debug=ssl

  Detail startup and connection messages are printed to STDOUT, including SSL handshake errors. See Debugging SSL/TLS Connections for message details.

• Verify SSL encryption messages in /var/log/cassandra/system.log.
  • SSL starts properly:
    • For client-to-server connections:

      INFO  [main] 2017-06-15 21:50:41,928  Server.java:145 - Enabling encrypted CQL connections between client and server

    • For node-to-node messaging:

      INFO  [main] 2017-06-15 21:50:23,037  MessagingService.java:702 - Starting Encrypted Messaging Service on SSL port 7001

  • SSL fails to start:
    • Truststore or keystore file not found:

      Caused by: org.apache.cassandra.exceptions.ConfigurationException: Failed to initialize SSL
      
      ...
      
      Caused by: java.io.FileNotFoundException: resources/dse/conf/.truststore (No such file or directory)

      Note: Example shows when the default setting was not changed for node-to-node.
    • Truststore or keystore password is invalid:

      Caused by: java.io.IOException: Error creating the initializing the SSL Context
      
      	at org.apache.cassandra.security.SSLFactory.createSSLContext(SSLFactory.java:201)
      
      	at com.datastax.bdp.node.transport.SSLOptions.getDefault(SSLOptions.java:82)
      
      ....
      
      Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

      Note: Example show when password of keystore for node-to-node is incorrect.